[Full-Disclosure] Penetration Testing or Vulnerability Scanning?

From: Rizwan Ali Khan (rizwanalikhan74at_private)
Date: Sun Mar 02 2003 - 01:08:26 PST

Next message: Ryan: "Finding real host in Nmap -D Scans"

Next in thread: hellNbak: "Re: [Full-Disclosure] Penetration Testing or Vulnerability Scanning?"
Reply: hellNbak: "Re: [Full-Disclosure] Penetration Testing or Vulnerability Scanning?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When usually we talk about penetration testing tools, people mosly refer to Vulnerability Scanners like iss, typhon, nessus, cybercop etc.

However penetration testing tools are those who penetrate as well, the above scanners do not do that.

One needs to have a working version of SSH exploit for the SSH vulnerability detected by the vulnerability scanner, so is it necessary for penetration tester to have access to the latest of underground exploit? or could all this be done in an ethical manner too?

please guide I am so confused between two of these methodologies.



---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Ryan: "Finding real host in Nmap -D Scans"
Next in thread: hellNbak: "Re: [Full-Disclosure] Penetration Testing or Vulnerability Scanning?"
Reply: hellNbak: "Re: [Full-Disclosure] Penetration Testing or Vulnerability Scanning?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 02 2003 - 01:30:48 PST